US concerns grow over potential Russian cyber targeting of Ukraine amid troop buildup

The increase in tensions between the United States and Russia due to Moscow amassing troops on the border with Ukraine is raising concerns that Russia may not only put boots on the ground but also turn to hacking operations to put pressure on the U.S. and Ukraine.

Those concerns are underlined by massive hacking efforts by Russia against Ukraine over the past few years and the ransomware attacks linked to Russian hackers against critical U.S. organizations.

“This is a Russian calling card,” Mark Montgomery, senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, told The Hill Wednesday. “I do worry that they will use their cyber and disinformation tools to try to undermine the stability of the Ukrainian economic security and national security.”

Ukraine is no stranger to Russian aggression in cyberspace and has often been viewed by experts as a testing ground for Russian cyber capabilities, with attacks ramping up after fighting broke out between the two nations in 2014. 

In 2015, hackers later linked to Russia took down portions of Ukraine’s power grid in an attack that resulted in almost a quarter million Ukrainians losing power and heat in the dead of winter. A similar attack against companies supporting Ukraine’s power grid took place in 2016.

The NotPetya malware, released by Russian hackers in 2017 just prior to Ukraine’s Constitution Day, targeted Ukrainian banks, newspapers and other essential companies, wreaking havoc. The malware eventually spread across much of the world, causing billions of dollars in damage and becoming one of the most destructive cyberattacks in history.

The Justice Department last year indicted six members of the GRU, Russia’s Main Intelligence Directorate, in connection with the hacking incidents against Ukraine, and President Biden has made pushing back against Russian cyber aggression against the U.S. a priority.

But despite these efforts, experts are concerned cyberattacks could take place in tandem with Russia moving troops to the border of Ukraine.

“I certainly wouldn’t be surprised if they released a new novel capability there. That has happened many times,” John Hultquist, vice president of intelligence analysis at cybersecurity company Mandiant, told The Hill Wednesday. “The interesting thing about a lot of this capability is it’s used often before any actual shooting, because it’s a tool that is deniable and … useful as a tool prior to war.” 

Biden has sought in recent weeks to pull Russia back from the edge of a potential invasion of Ukraine, including calling and talking with Russian President Vladimir Putin on the topic last week. This came months after they met in Geneva to discuss cybersecurity concerns, such as ransomware attacks on critical U.S. organizations linked to Russian-based hackers, and talks have continued since then.

But amid newly heightened tensions over Ukrainian geopolitical concerns, the talks may do little to tamp down potential cyber aggression. 

“Let’s just call a spade a spade. Ever since the meeting in Geneva, they have dramatically, dramatically escalated systemic attacks against critical infrastructure and the technology community, period,” Tom Kellermann, the head of cybersecurity strategy at technology company VMware, told The Hill this week.  

“I would say that going forward, all physical kinetic military action that would be occurring in Eastern Europe will be preceded by a cyber pulse, and I don’t see why that is not going to happen sooner rather than later,” Kellermann said.  

Leaders on Capitol Hill are also concerned about the potential for cyberattacks to come to the fore as tensions rise.

“Russia has consistently used cyber against Ukraine,” Senate Intelligence Committee Chairman Mark Warner (D-Va.) told The Hill this week. “Already the level of conflict between Ukraine and Russia, it’s not a shooting war in the physical sense, but it’s an active conflict.”

Senate Homeland Security and Governmental Affairs Committee Chairman Gary Peters (D-Mich.) told The Hill that “you always have to be concerned about that; the Russians have sophisticated cyber operations,” while Senate Armed Services Committee member Richard Blumenthal (D-Conn.) warned that cyber operations could pinpoint specific issues. 

“The Russians have been very focused on using cyber to disrupt not only our national defense but our allies and potentially Ukraine, so I am deeply concerned that they are going to be using cyber against Ukrainians, especially to intercept and interfere with the use of arms that we may provide to Ukraine,” Blumenthal told The Hill Wednesday.

The U.S.-Russia tensions over Ukraine are also coming at a tenuous time in cyberspace following the discovery late last week of a vulnerability in the Apache logging package log4j, which is used widely in organizations around the world.

Cybersecurity professionals have been left scrambling to institute patches before exploitation can occur, but they are in a race with nation states and cybercriminals alike. Both Microsoft and Mandiant this week publicly acknowledged that state-sponsored hackers, including those in China and Iran, were actively exploiting the vulnerability to target organizations, with Russia likely to join the ranks.  

“The unit who conducts cyber espionage already has their wish list of targets, and so this vulnerability allows them to improve their ability to gain access to those targets,” Hultquist said of potential Russian use of the log4j vulnerability. “They are going to try to make their way through that wish list using that tool … without a doubt, it will be leveraged by cyber espionage actors and cyber actors.”

Heightening concerns further is the lack of an established red line that would make clear what constitutes an act of war in cybersecurity, lowering the stakes for Russia if it wants to hit either the U.S. or Ukraine and minimize consequences.

“We have to be willing to attribute aggressively,” Montgomery said. “This is a big problem in the cyber sphere, when a country attacks another country with a cruise missile, we identify it within hours … but when a cyberattack occurs, instead of minutes or hours, it tends to be weeks or months, and we have to shorten that gap and rapidly share information with our European allies.”

Hultquist noted that tracking Russian cyber activity is difficult, and no major cyber operations against Ukraine have come to light at this point in the troop buildup. But that does not mean that either the U.S. or Ukraine was in the clear headed into the holidays. 

“I think that Vladimir Putin will very willingly use whatever tools are at his disposal to do whatever he wants,” Montgomery said. “I think he makes his own decisions, and the fact that it bothers us gives him a level of enjoyment.”